fix(deps): update module github.com/containerd/containerd/v2 to v2.2.0

[renovate]

This PR contains the following updates:

Package	Change	Age	Confidence
github.com/containerd/containerd/v2	v2.1.5 -> v2.2.0

---

Release Notes

containerd/containerd (github.com/containerd/containerd/v2)

v2.2.0: containerd 2.2.0

Compare Source

Welcome to the v2.2.0 release of containerd!

The second minor release of containerd 2.x focuses on continued stability alongside
new features and improvements. This is the second time-based released for containerd.

Highlights

• Add mount manager (#​12063)

  The mount manager is a new service that provides lifecycle management for filesystem mounts
  to support more advanced use cases, such as:

  • Device formatting to create formatted filesystems (xfs, ext4) on-demand
  • Mount activation to prepare devices such as loopbacks or network fileystems
  • Mount transformation to allow mount arguments to be filled in dynamically from previous mounts
  • Garbage collection of mounts to ensure temporary mounts are never leaked

• Add conf.d include in the default config (#​12323)

• Add support for back references in the garbage collector (#​12025)

Container Runtime Interface (CRI)

• Pod Sandbox Metrics (#​10691)

  Full implementation of Kubernetes CRI pod-level metrics API

  • ListPodSandboxMetrics: Query metrics for running pods/sandboxes
  • ListMetricsDescriptors: Discover available metrics and their descriptions

• Support image volume mount subpath (#​11578)

Go client

• Update pkg/oci to use fs.FS interface and os.OpenRoot (#​12245)

Image Distribution

• Parallel Unpack (#​12332)

  Adds support for unpacking layers in parallel during pull operations. This feature is supported with overlayfs and EROFS snapshotters.

• OCI Referrers Support (#​12309)

  Adds new referrers fetcher to remote registry interface using the new referrers endpoint added in OCI distribution-spec 1.1

• Tar unpack progress through transfer service (#​11921)

Image Storage

• EROFS enhancements using mount manager (#​12333)

  Improvements to EROFS snapshotter using the new mount manager service

  • Quota Support: Support for sized block devices as the upper layer for overlayfs
  • Mount Lifecycle: Loopback setup, block device creation, and overlayfs argument formatting is moved to the
    mount manager to be performed on-demand or within the runtime.
  • Mount handler: To allow optimization of EROFS mount types based on the current system
  • macOS Support: EROFS snapshotter can now be used on Darwin to natively allow image pulls
  • Tar index mode: Efficiently generate EROFS metadata backed by original tar content (#​11919)

• Add snapshotter and differ for block CIMs (#​12050)

Node Resource Interface (NRI)

• Enable otel traces in NRI (#​12082)
• Add WASM plugin support (containerd/nri#121)

Runtime

• Improve shim load time after restart by loading in parallel (#​12142)
• Fix pidfd leak in UnshareAfterEnterUserns (#​12167)

Deprecations

• Deprecate cgroup v1 (#​12445)
• Postpone v2.2 deprecation items to v2.3 (#​12417)

Please try out the release binaries and report any issues at
https://github.com/containerd/containerd/issues.

Contributors

• Derek McGowan
• Phil Estes
• Akihiro Suda
• Maksym Pavlenko
• Wei Fu
• Krisztian Litkey
• Mike Brown
• Akhil Mohan
• Markus Lehtonen
• Samuel Karp
• Sebastiaan van Stijn
• ningmingxiao
• Austin Vazquez
• yashsingh74
• Gao Xiang
• Kirtana Ashok
• Jin Dong
• Chris Henzie
• Aadhar Agarwal
• Etienne Champetier
• Henry Wang
• Rodrigo Campos
• Sascha Grunert
• Aleksa Sarai
• Eric Mountain
• Keith Mattix II
• Paweł Gronowski
• Tõnis Tiigi
• Adrien Delorme
• Apurv Barve
• Enji Cooper
• Kohei Tokunaga
• Max Jonas Werner
• Rehan Khan
• Yang Yang
• jinda.ljd
• jokemanfire
• Amit Barve
• Andrew Halaney
• Antonio Ojea
• Brian Goff
• Carlos Eduardo Arango Gutierrez
• Chenyang Yan
• Dawei Wei
• Divya Rani
• Evan Anderson
• Fabiano Fidêncio
• Iceber Gu
• Jared Ledvina
• Jonathan Perkin
• Jose Fernandez
• Karl Baumgartner
• Michael Weibel
• Osama Abdelkader
• Radostin Stoyanov
• Ruidong Cao
• Sameer
• Sergey Kanzhelev
• Swagat Bora
• Sylvain MOUQUET
• Tom Wieczorek
• Tycho Andersen
• Wuyue (Tony) Sun
• suranmiao
• tanhuaan
• wheat2018
• zounengren

Dependency Changes

• dario.cat/mergo v1.0.1 -> v1.0.2
• github.com/Microsoft/hcsshim v0.13.0-rc.3 -> v0.14.0-rc.1
• github.com/StackExchange/wmi cbe6696 new
• github.com/checkpoint-restore/checkpointctl v1.3.0 -> v1.4.0
• github.com/containerd/cgroups/v3 v3.0.5 -> v3.1.0
• github.com/containerd/console v1.0.4 -> v1.0.5
• github.com/containerd/containerd/api v1.9.0 -> v1.10.0
• github.com/containerd/go-cni v1.1.12 -> v1.1.13
• github.com/containerd/nri v0.8.0 -> v0.10.0
• github.com/containerd/platforms v1.0.0-rc.1 -> v1.0.0-rc.2
• github.com/containernetworking/plugins v1.7.1 -> v1.8.0
• github.com/coreos/go-systemd/v22 v22.5.0 -> v22.6.0
• github.com/cpuguy83/go-md2man/v2 v2.0.5 -> v2.0.7
• github.com/emicklei/go-restful/v3 v3.11.0 -> v3.13.0
• github.com/fxamacker/cbor/v2 v2.7.0 -> v2.9.0
• github.com/go-jose/go-jose/v4 v4.0.5 -> v4.1.2
• github.com/go-logr/logr v1.4.2 -> v1.4.3
• github.com/go-ole/go-ole v1.2.6 new
• github.com/golang/groupcache 41bb18b -> 2c02b82
• github.com/google/certtostore v1.0.6 new
• github.com/google/deck 105ad94 new
• github.com/gorilla/websocket v1.5.0 -> e064f32
• github.com/grpc-ecosystem/go-grpc-middleware/providers/prometheus v1.0.1 -> v1.1.0
• github.com/hashicorp/errwrap v1.1.0 new
• github.com/intel/goresctrl v0.8.0 -> v0.10.0
• github.com/klauspost/compress v1.18.0 -> v1.18.1
• github.com/knqyf263/go-plugin v0.9.0 new
• github.com/moby/sys/capability v0.4.0 new
• github.com/modern-go/reflect2 v1.0.2 -> 35a7c28
• github.com/opencontainers/runtime-tools 2e043c6 -> 0ea5ed0
• github.com/prometheus/client_golang v1.22.0 -> v1.23.2
• github.com/prometheus/client_model v0.6.1 -> v0.6.2
• github.com/prometheus/common v0.62.0 -> v0.66.1
• github.com/prometheus/procfs v0.15.1 -> v0.16.1
• github.com/stretchr/testify v1.10.0 -> v1.11.1
• github.com/tchap/go-patricia/v2 v2.3.2 -> v2.3.3
• github.com/tetratelabs/wazero v1.9.0 new
• github.com/urfave/cli/v2 v2.27.6 -> v2.27.7
• github.com/vishvananda/netlink 0e7078e -> v1.3.1
• go.etcd.io/bbolt v1.4.0 -> v1.4.3
• go.opentelemetry.io/otel v1.35.0 -> v1.37.0
• go.opentelemetry.io/otel/metric v1.35.0 -> v1.37.0
• go.opentelemetry.io/otel/sdk v1.35.0 -> v1.37.0
• go.opentelemetry.io/otel/trace v1.35.0 -> v1.37.0
• go.uber.org/goleak v1.3.0 new
• go.yaml.in/yaml/v2 v2.4.2 new
• golang.org/x/crypto v0.36.0 -> v0.41.0
• golang.org/x/mod v0.24.0 -> v0.29.0
• golang.org/x/net v0.38.0 -> v0.43.0
• golang.org/x/oauth2 v0.27.0 -> v0.30.0
• golang.org/x/sync v0.14.0 -> v0.17.0
• golang.org/x/sys v0.33.0 -> v0.37.0
• golang.org/x/term v0.30.0 -> v0.34.0
• golang.org/x/text v0.23.0 -> v0.28.0
• golang.org/x/time v0.7.0 -> v0.14.0
• google.golang.org/genproto/googleapis/api 56aae31 -> a7a43d2
• google.golang.org/genproto/googleapis/rpc 56aae31 -> a7a43d2
• google.golang.org/grpc v1.72.0 -> v1.76.0
• google.golang.org/protobuf v1.36.6 -> v1.36.10
• k8s.io/api v0.32.3 -> v0.34.1
• k8s.io/apimachinery v0.32.3 -> v0.34.1
• k8s.io/client-go v0.32.3 -> v0.34.1
• k8s.io/cri-api v0.32.3 -> v0.34.1
• k8s.io/utils 3ea5e8c -> 4c0f3b2
• sigs.k8s.io/json 9aa6b5e -> cfa47c3
• sigs.k8s.io/randfill v1.0.0 new
• sigs.k8s.io/structured-merge-diff/v6 v6.3.0 new
• sigs.k8s.io/yaml v1.4.0 -> v1.6.0

Previous release can be found at v2.1.0

Which file should I download?

• containerd-<VERSION>-<OS>-<ARCH>.tar.gz: ✅Recommended. Dynamically linked with glibc 2.35 (Ubuntu 22.04).
• containerd-static-<VERSION>-<OS>-<ARCH>.tar.gz: Statically linked. Expected to be used on Linux distributions that do not use glibc >= 2.35. Not position-independent.

In addition to containerd, typically you will have to install runc
and CNI plugins from their official sites too.

See also the Getting Started documentation.

---

Configuration

📅 Schedule: Branch creation - "after 11pm every weekday,before 7am every weekday,every weekend" in timezone Europe/Brussels, Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

---

• If you want to rebase/retry this PR, check this box

---

This PR was generated by Mend Renovate. View the repository job log.

[renovate]

ℹ Artifact update notice

File name: go.mod

In order to perform the update(s) described in the table above, Renovate ran the go get command, which resulted in the following additional change(s):

• 11 additional dependencies were updated

Details:

Package	Change
dario.cat/mergo	v1.0.1 -> v1.0.2
github.com/Microsoft/hcsshim	v0.13.0 -> v0.14.0-rc.1
github.com/containerd/cgroups/v3	v3.0.5 -> v3.1.0
github.com/coreos/go-systemd/v22	v22.5.0 -> v22.6.0
go.opentelemetry.io/otel	v1.36.0 -> v1.37.0
go.opentelemetry.io/otel/metric	v1.36.0 -> v1.37.0
go.opentelemetry.io/otel/trace	v1.36.0 -> v1.37.0
google.golang.org/genproto/googleapis/rpc	v0.0.0-20250218202821-56aae31c358a -> v0.0.0-20250804133106-a7a43d27e69b
google.golang.org/grpc	v1.72.2 -> v1.76.0
google.golang.org/protobuf	v1.36.7 -> v1.36.10
k8s.io/utils	v0.0.0-20241104100929-3ea5e8cea738 -> v0.0.0-20250604170112-4c0f3b243397

[codecov]

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 30.48%. Comparing base (4db86e8) to head (8cec139).

Additional details and impacted files

@@            Coverage Diff             @@
##             main     #392      +/-   ##
==========================================
+ Coverage   30.35%   30.48%   +0.13%     
==========================================
  Files          25       25              
  Lines        3051     3051              
==========================================
+ Hits          926      930       +4     
+ Misses       1937     1934       -3     
+ Partials      188      187       -1     

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:

• ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.
• 📦 JS Bundle Analysis: Save yourself from yourself by tracking and limiting bundle sizes in JS merges.

[renovate]

Renovate Ignore Notification

Because you closed this PR without merging, Renovate will ignore this update (v2.2.0). You will get a PR once a newer version is released. To ignore this dependency forever, add it to the ignoreDeps array of your Renovate config.

If you accidentally closed this PR, or if you changed your mind: rename this PR to get a fresh replacement PR.